I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too?

Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.

Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?

As it's in a database, I can of course edit the password, in that I can delete them entirely or put anything else I want into that field. I don't know of any way to convert/extract the current one from the hashed result, but on a couple of occasions when people lost their password I did insert a temporary one for them until they could log in and change it back. For the most part, though, I discourage the losing of passwords because it's a total pain for me, and if I don't know you well enough to trust you I might not feel confident in resetting it.

That's kinda what I figured. For what it's worth, I think there are some tools that can extract a password from a hash, but they're pretty limited (I believe they need to be 'trained', and of course, you need access to the hashes), and I think they don't work over a certain length (as hashes tend to be of a set length, even when the pw is longer than the hash).

Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.

_________________The churches are empty / The priest has gone home / And we are left standing / Together alone--October Project: "Dark Time"